1. Field of the Invention
This invention relates to communication devices and communication methods for improving communications between private networks, which are connected to wide-area networks, in terms of security.
This application claims priority on Japanese Patent Application No. 2005-182540, the content of which is incorporated herein by reference.
2. Description of the Related Art
Conventionally, “Ethernet” (registered trademark) is known as a type of local area network set up at companies. Communication networks of this kind (hereinafter referred to as private networks), each of which interconnects prescribed communication terminals, are mutually interconnected via private lines, thus allowing communications to be performed between private networks. In general, private lines are secure from wiretapping and manipulation in communications. Hence, it is possible to establish security in communications between private networks via private lines.
However, establishing private lines involves considerable cost. For this reason, there is demand for connecting private networks to wide-area networks (such as the Internet), which publicly interconnect many communication terminals, while still establishing security in communications between private networks via those wide-area networks. In order to satisfy such demand, conventional technology known as “IPsec” (i.e., Internet Protocol Security Protocol) is used.
IPsec is a technology in which communications are performed by way of routers in connection with private networks via wide-area networks and are subjected to encryption in accordance with communication protocols known as ESP (Encapsulating Security Payload) and IKE (Internet Key Exchange), thus avoiding wiretapping and manipulation of data transmitted between routers. Specifically, ESP provides communication protocols for encrypting certifications and communications between routers in accordance with prescribed algorithms, and IKE provides communication protocols for producing key information for encryption.
As described above, communications based on IPsec are performed by way of routers in connection with private networks connected to wide-area networks, thus establishing security in communications between routers. In order to realize communications based on IPsec, it is necessary to set various control parameters regarding IPsec for the routers. Generally, it is necessary for engineers or operations managers (or datacenter managers) to manually set up control parameters for routers.
Numerous control parameters are required for the setup of routers. In addition, it is necessary to set up the same control parameters for all routers performing communications based on IPsec because routers which do not have the same control parameters cannot perform communications based on IPsec. Hence, it is very troublesome for operations managers to perform setup operations on routers. When operations managers make errors in setting up control parameters, it is very difficult for them to identify the incorrectly set parameters among the numerous control parameters.
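The following is an added example, not part of the original text: a consistency check that compares the IPsec control parameters set on several routers and names the router and parameter that deviate from the rest. The router names, parameter names and values are constructed assumptions, and the majority value is taken as the reference.

```python
from collections import Counter

UNSET = "<unset>"  # marker for a parameter that is missing on a router

# Constructed reference set of control parameters (names/values are assumptions).
BASE = {
    "ike_encryption": "aes256", "ike_hash": "sha256", "ike_dh_group": "14",
    "esp_encryption": "aes256", "esp_integrity": "sha256", "sa_lifetime_s": "3600",
}

# Constructed sample: router-c has a wrong DH group, router-d lacks one setting.
ROUTER_PARAMS = {
    "router-a": dict(BASE),
    "router-b": dict(BASE),
    "router-c": {**BASE, "ike_dh_group": "2"},
    "router-d": {k: v for k, v in BASE.items() if k != "esp_integrity"},
}

def find_mismatches(router_params):
    """Return {parameter: {"expected", "tie", "deviating"}} for every
    parameter that is not identical on all routers."""
    mismatches = {}
    all_keys = sorted({k for params in router_params.values() for k in params})
    for key in all_keys:
        values = {r: p.get(key, UNSET) for r, p in router_params.items()}
        counts = Counter(values.values())
        if len(counts) == 1:
            continue  # every router agrees on this parameter
        ranked = counts.most_common(2)
        # With no clear majority there is no reference value: list all routers.
        tie = ranked[0][1] == ranked[1][1]
        expected = None if tie else ranked[0][0]
        deviating = {r: v for r, v in values.items() if tie or v != expected}
        mismatches[key] = {"expected": expected, "tie": tie, "deviating": deviating}
    return mismatches

if __name__ == "__main__":
    for key, info in find_mismatches(ROUTER_PARAMS).items():
        for router, value in info["deviating"].items():
            print(f"{router}: {key}={value} (expected {info['expected']})")
```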
Various technologies have been developed to make the setup of control parameters easier and to avoid setup errors. Examples are disclosed in Japanese Unexamined Patent Application Publication No. 2004-104542 and in the websites at the URLs http://www.cisco.com/japanese/warp/public/3/jp/service/tac/105/dmvpn-j.shtml and http://www.nec.co.jp/press/ja/0411/2904.html.
The aforementioned technologies teach that control parameters are stored in advance on servers, which are accessible by routers for establishing connections between private networks and wide-area networks, and the control parameters stored on the servers are downloaded to and stored on the routers so that the same control parameters can be properly set up for the routers.
In the aforementioned technologies, when numerous routers simultaneously send download requests to the servers within a short period of time in order to download control parameters, the servers may bear very high processing loads, which increases the time required to complete the downloading of control parameters. When malfunctions occur in the servers so that the servers cannot accept download requests, it becomes impossible for the routers to perform communications based on IPsec.